cpe:/a:blackcat-cms:blackcat_cms:1.2 CVE-2017-9609 2017-07-17T17:29:00.697-04:00 2017-07-21T10:31:20.507-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2017-07-20T14:30:51.620-04:00 MISC http://packetstormsecurity.com/files/143103/Blackcat-CMS-1.2-Cross-Site-Scripting.html CONFIRM https://github.com/BlackCatDevelopment/BlackCatCMS/issues/373 MISC https://github.com/faizzaidi/Blackcat-cms-v1.2-xss-POC-by-Provensec-llc Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.